How to configure Microtik Router in easy Steps using dual ISP with failover Feature.

Here's how to configure dual ISP failover on your MikroTik HAP Lite **using Winbox** (GUI)

---

 Step 1. Rename Interfaces

1. Go to **Interfaces**.

2. Rename the physical ports connected to your ISPs:

   - `ether1` → **WAN1** (ISP1)

   - `ether2` → **WAN2** (ISP2)

   - (Optional) Rename your LAN port (e.g., `ether3` → **LAN**).

---

Step 2. Assign IP Addresses to WAN Interfaces

1. Go to **IP > Addresses**.

2. Click **+** (Add):

   - **Address**: `192.168.1.20/24` (ISP1)

   - **Interface**: `WAN1`

3. Click **+** again:

   - **Address**: `192.168.31.21/24` (ISP2)

   - **Interface**: `WAN2`

---

Step 3. Configure Default Routes

1. Go to **IP > Routes**.

2. Add **Primary Route** (ISP1):

   - **Destination**: `0.0.0.0/0`

   - **Gateway**: `192.168.1.1` (ISP1’s gateway)

   - **Distance**: `1`

   - Check **Check Gateway**: `ping`

   - **Comment**: `ISP1-Primary`

3. Add **Backup Route** (ISP2):

   - **Destination**: `0.0.0.0/0`

   - **Gateway**: `192.168.31.1` (ISP2’s gateway)

   - **Distance**: `2`

   - Check **Check Gateway**: `ping`

   - **Comment**: `ISP2-Backup`

---

Step 4. Configure NAT (Masquerade)

1. Go to **IP > Firewall > NAT**.

2. Click **+** to add a NAT rule for ISP1:

   - **Chain**: `srcnat`

   - **Out. Interface**: `WAN1`

   - **Action**: `masquerade`

3. Click **+** again for ISP2:

   - **Chain**: `srcnat`

   - **Out. Interface**: `WAN2`

   - **Action**: `masquerade`

---

Step 5. Set Up Failover Monitoring (Netwatch)

1. Go to **Tools > Netwatch**.

2. Click **+** to add a monitor for ISP1:

   - **Host**: `8.8.8.8` (or your ISP’s DNS)

   - **Timeout**: `2s`

   - **Interval**: `5s`

   - **Source Address**: `192.168.1.20` (ISP1’s IP)

   - **On Down** (Script):

     ```

     /ip route disable [find comment="ISP1-Primary"]; /ip route enable [find comment="ISP2-Backup"]

     ```

   - **On Up** (Script):

     ```

     /ip route enable [find comment="ISP1-Primary"]; /ip route disable [find comment="ISP2-Backup"]

     ```

---

Step 6. Configure DNS

1. Go to **IP > DNS**.

2. Set **Servers**: `8.8.8.8,8.8.4.4` (or your ISP’s DNS).

---

Step 7. Firewall Rules

1. Go to **IP > Firewall > Filter Rules**.

2. Add basic rules to allow traffic and block unwanted access:

   - **Input Chain**:

     - Allow established/related connections.

     - Drop traffic from `WAN1` and `WAN2`.

   - **Forward Chain**:

     - Enable `fasttrack-connection` for established/related traffic.

---

Step 8. LAN Configuration

1. Assign an IP to the LAN interface:

   - Go to **IP > Addresses**.

   - Add `192.168.88.1/24` to the LAN interface (e.g., `ether3`).

2. Set up DHCP Server:

   - Go to **IP > DHCP Server**.

   - Create a DHCP pool (e.g., `192.168.88.100-192.168.88.200`).

   - Configure the DHCP network with gateway `192.168.88.1`.

---

Testing

1. **Verify Routes**:

   - Go to **IP > Routes**. The primary route (ISP1) should be active (status `A`).

2. **Test Failover**:

   - Disconnect ISP1’s cable. Traffic should switch to ISP2 within seconds.

3. **Check NAT**:

   - Ensure both NAT rules are enabled under **IP > Firewall > NAT**.

---

### **Troubleshooting Tips**

- If the gateway doesn’t respond to pings, use `arping` instead of `ping` in **Check Gateway**.

- For more advanced failover, use **Mangle Rules** with connection marking (optional).

These are some easy steps with the help of these steps you can configure your Microtik HAP Lite or any other Microtik Router easily. 😉